New Ad Fraud Combines Domain Spoofing with In-App Bundle

The International Advertising Bureau introduced the Ads.txt standard last year in order to prevent the practice of domain-spoofing, whereby digital advertising platforms are duped into thinking that fraudulent or fake websites are “selling” legitimate ads. Last year there was roughly $33 billion spent on digital advertising platforms so safeguarding this investment is critical.

The Ads.txt standard has been a good start – it essentially verifies the companies allowed to sell ads and creates transparency through the supply chain so that advertisers and publishers can make sure ads are being properly placed and money is being well-spent. A new scam though hits at a blind-spot that the standard has when it comes to mobile in-app advertising. This blind-spot allows spoofers to load ads into apps (or bundle them) under a fake domain name (in this case TV Guide was an example) that included ad placements for all sorts of fake content and media.

The scam has been reported in AdWeek and you can check out more details on it by clicking here.

While scams, and particularly ad scams, are getting more sophisticated, the use of domains and websites as bases or launching points for fraud is not stopping and is in fact only picking up momentum. Monitoring and cleaning up the supply chain in digital ad platforms is critical, along with a stable and consistent effort to secure domain names, websites and social handles that are at the forefront of much of this fraud.